cxs

Changes:

• Fixed bugs in –decode [file] output report and improved content of the report
• Exploit fingerprint definitions database additions

Changes:

• Modified –decode [file] and –options [D] to drop privileges to the “nobody” user while running the interactive php interpreter and on the ownership of the decoded file while processing it

Changes:

• Added new scanning option: cxs Watch. This is an alternative to ftp and web script upload scanning. The cxs Watch daemon uses a separate process to watch entire user accounts for new and modified files and scans them immediately. The scanning children use up significantly fewer resources than the ftp and web script upload scanning methods. This new feature requires:
  

Changes:

• Fixed html problem viewing Quarantine via the UI in FF4

Changes:

• Reinstated the Scan Report header for the –all option lost in v1.55
• Added new option –www to only scan within the public_html/ directory when using –allusers or –user [user]
• Exploit regex definitions database additions
• Exploit fingerprint definitions database additions

Changes:

• Modified FTP IP Address lookup code to only read the last 64K of the relevant log file, improving lookup speed and resource usage
• Made /etc/init.d/pure-uploadscript LSB compliant
• Exploit fingerprint definitions database additions

Changes:

• Added a note to the CGI alert email for ModSecurity false-positives where the request body is inspected before Apache has a chance to determine whether the called script exists (i.e. a 404)
• Added new option –wttw [file] which is available for submitting text exploits (i.e. PHP, Perl, Shell) to ConfigServer if cxs fails to detect it. The file is sent as an attachment via email. Please be sure to read the documentation before using this option
• Exploit fingerprint definitions database additions

Changes:

• Sort File::Find directory traversal/files alphabetically
• Multiple scanning performance and resource usage improvements
• –voptions [M] removed as it serves no function
• Added text for –options [M] (Known exploit) where we have it
• Improvements to relative path file/directory scanning
• Exploit fingerprint definitions database additions

Changes:

• Ignore SIGPIPE when using –decode (–options [D]) while running interactive php interpreter, which caused scans to abort
• Exploit regex definitions database additions
• Exploit fingerprint definitions database additions

Changes:

• Sort Quarantine UI users
• If –quarantine or –delete fails (e.g. an immutable file), report failure to do so. Failure to quarantine will no longer attempt removal of the original file
• Only “View” quarantine files in UI if they are text files
• Exploit regex definitions database additions
• Exploit fingerprint definitions database additions